cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand2003/10/30 17:30:01
Modified:catalina/src/share/org/apache/catalina/security
SecurityClassLoad.java
http11/src/java/org/apache/coyote/http11
Http11Processor.java InternalOutputBuffer.java
jasper2/src/share/org/apache/jasper/runtime
JspWriterImpl.java PageContextImpl.java
jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Fix for bug 24270: NoClassDefFoundError when running in security mode
Next time I will update my tcks before syaing they all passes ;-)
Revision ChangesPath
1.11 +14 -4
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java
Index: SecurityClassLoad.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityClassLoad.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- SecurityClassLoad.java19 Sep 2003 22:03:35 - 1.10
+++ SecurityClassLoad.java31 Oct 2003 01:30:01 - 1.11
@@ -89,6 +89,7 @@
loadUtilPackage(loader);
loadJavaxPackage(loader);
loadCoyotePackage(loader);
+loadHttp11Package(loader);
}
@@ -148,6 +149,15 @@
private final static void loadJavaxPackage(ClassLoader loader)
throws Exception {
loader.loadClass(javax.servlet.http.Cookie);
+}
+
+
+private final static void loadHttp11Package(ClassLoader loader)
+throws Exception {
+String basePackage = org.apache.coyote.http11.;
+loader.loadClass(basePackage + Http11Processor$1);
+loader.loadClass(basePackage + InternalOutputBuffer$1);
+loader.loadClass(basePackage + InternalOutputBuffer$2);
}
1.85 +19 -3
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
Index: Http11Processor.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- Http11Processor.java 17 Oct 2003 18:45:40 - 1.84
+++ Http11Processor.java 31 Oct 2003 01:30:01 - 1.85
@@ -66,6 +66,8 @@
import java.net.InetAddress;
import java.net.Socket;
import java.util.StringTokenizer;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.coyote.ActionCode;
import org.apache.coyote.ActionHook;
@@ -1434,9 +1436,23 @@
}
// Add date header
-if (! response.containsHeader(Date))
- response.addHeader(Date, FastHttpDateFormat.getCurrentDate());
-
+if (! response.containsHeader(Date)){
+
+ String date = null;
+ if (System.getSecurityManager() != null){
+date = (String)AccessController.doPrivileged(
+new PrivilegedAction() {
+public Object run(){
+return FastHttpDateFormat.getCurrentDate();
+}
+}
+);
+ } else {
+date = FastHttpDateFormat.getCurrentDate();
+ }
+ response.addHeader(Date, date);
+}
+
// Add server header
response.addHeader(Server, Constants.SERVER);
1.20 +28 -2
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java
Index: InternalOutputBuffer.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- InternalOutputBuffer.java 12 Sep 2003 13:15:36 - 1.19
+++ InternalOutputBuffer.java 31 Oct 2003 01:30:01 - 1.20
@@ -61,6 +61,8 @@
import java.io.IOException;
import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
@@ -489,16 +491,40 @@
// Write message
String message = response.getMessage();
if (message == null) {
-write(HttpMessages.getMessage(status));
+write(getMessage(status));
} else {
write(message);
}
// End the response status line
-write(Constants.CRLF_BYTES);
+
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand2003/09/19 14:24:48
Modified:jasper2/src/share/org/apache/jasper/runtime
PageContextImpl.java
jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Package protect the class properly.
Revision ChangesPath
1.54 +425 -249
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java
Index: PageContextImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- PageContextImpl.java 19 Sep 2003 19:29:15 - 1.53
+++ PageContextImpl.java 19 Sep 2003 21:24:47 - 1.54
@@ -254,150 +254,228 @@
attributes.clear();
}
-public Object getAttribute(String name) {
+public Object getAttribute(final String name) {
+
+if (name == null) {
+throw new NullPointerException(
+Localizer.getMessage(jsp.error.attribute.null_name));
+}
+
+if (System.getSecurityManager() != null){
+return AccessController.doPrivileged(new PrivilegedAction(){
+public Object run(){
+return doGetAttribute(name);
+}
+});
+} else {
+return doGetAttribute(name);
+}
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage(jsp.error.attribute.null_name));
- }
- return attributes.get(name);
}
-public Object getAttribute(String name, int scope) {
+private Object doGetAttribute(String name){
+return attributes.get(name);
+}
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage(jsp.error.attribute.null_name));
- }
+public Object getAttribute(final String name, final int scope) {
- switch (scope) {
- case PAGE_SCOPE:
- return attributes.get(name);
-
- case REQUEST_SCOPE:
- return request.getAttribute(name);
-
- case SESSION_SCOPE:
- if (session == null) {
- throw new IllegalStateException(
- Localizer.getMessage(jsp.error.page.noSession));
- }
- return session.getAttribute(name);
+if (name == null) {
+throw new NullPointerException(
+Localizer.getMessage(jsp.error.attribute.null_name));
+}
- case APPLICATION_SCOPE:
- return context.getAttribute(name);
+if (System.getSecurityManager() != null){
+return AccessController.doPrivileged(new PrivilegedAction(){
+public Object run(){
+return doGetAttribute(name, scope);
+}
+});
+} else {
+return doGetAttribute(name, scope);
+}
- default:
- throw new IllegalArgumentException(Invalid scope);
- }
}
-public void setAttribute(String name, Object attribute) {
+private Object doGetAttribute(String name, int scope){
+switch (scope) {
+case PAGE_SCOPE:
+return attributes.get(name);
+
+case REQUEST_SCOPE:
+return request.getAttribute(name);
+
+case SESSION_SCOPE:
+if (session == null) {
+throw new IllegalStateException(
+Localizer.getMessage(jsp.error.page.noSession));
+}
+return session.getAttribute(name);
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage(jsp.error.attribute.null_name));
- }
+case APPLICATION_SCOPE:
+return context.getAttribute(name);
- if (attribute != null) {
- attributes.put(name, attribute);
- } else {
- removeAttribute(name, PAGE_SCOPE);
- }
+default:
+throw new IllegalArgumentException(Invalid scope);
+}
}
-public void setAttribute(String name, Object o, int scope) {
+public void setAttribute(final String name, final Object attribute) {
- if (name == null) {
- throw new NullPointerException(
- Localizer.getMessage(jsp.error.attribute.null_name));
- }
+if (name == null) {
+throw new NullPointerException(
+Localizer.getMessage(jsp.error.attribute.null_name));
+}
- if (o != null) {
- switch (scope) {
-
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java
jfarcand2003/06/23 12:35:59
Modified:jasper2 build.xml
jasper2/src/share/org/apache/jasper/compiler
JspRuntimeContext.java
Added: jasper2/src/share/org/apache/jasper/security
SecurityClassLoad.java
Log:
Refactorize the way inner classes are loaded when the security manager is turned on.
Add a security folder and start moving all security related code into that folder
(same design as org.apache.catalina). Add inner classes required to be loaded at
startup.
Revision ChangesPath
1.23 +1 -0 jakarta-tomcat-jasper/jasper2/build.xml
Index: build.xml
===
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/build.xml,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- build.xml 12 Mar 2003 20:28:23 - 1.22
+++ build.xml 23 Jun 2003 19:35:59 - 1.23
@@ -157,6 +157,7 @@
include name=org/apache/jasper/compiler/Localizer.class /
include name=org/apache/jasper/resources/** /
include name=org/apache/jasper/runtime/** /
+include name=org/apache/jasper/security/** /
include name=org/apache/jasper/util/** /
/fileset
/jar
1.15 +6 -41
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java
Index: JspRuntimeContext.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- JspRuntimeContext.java29 May 2003 16:34:37 - 1.14
+++ JspRuntimeContext.java23 Jun 2003 19:35:59 - 1.15
@@ -85,6 +85,7 @@
import org.apache.jasper.JspCompilationContext;
import org.apache.jasper.Options;
import org.apache.jasper.runtime.JspFactoryImpl;
+import org.apache.jasper.security.SecurityClassLoad;
import org.apache.jasper.servlet.JspServletWrapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -113,43 +114,7 @@
*/
static {
JspFactoryImpl factory = new JspFactoryImpl();
-if( System.getSecurityManager() != null ) {
-String basePackage = org.apache.jasper.;
-try {
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.JspFactoryImpl$PrivilegedGetPageContext);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.JspFactoryImpl$PrivilegedReleasePageContext);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.JspRuntimeLibrary);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.ServletResponseWrapperInclude);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.TagHandlerPool);
-factory.getClass().getClassLoader().loadClass( basePackage +
-servlet.JspServletWrapper);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.JspFragmentHelper);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.ProtectedFunctionMapper);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.ProtectedFunctionMapper$1);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.ProtectedFunctionMapper$2);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.PageContextImpl);
- factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.PageContextImpl$1);
-factory.getClass().getClassLoader().loadClass( basePackage +
-runtime.JspContextWrapper);
-} catch (ClassNotFoundException ex) {
-System.out.println(
-Jasper JspRuntimeContext preload of class failed: +
-ex.getMessage());
-}
-}
+SecurityClassLoad.securityClassLoad(factory.getClass().getClassLoader());
JspFactory.setDefaultFactory(factory);
}
1.1
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security/SecurityClassLoad.java
Index: SecurityClassLoad.java
